Control: User passwords should be rotated at regular intervals
Description
User passwords should be rotated at regulat intervals to remain compliant.
Usage
Run the control in your terminal:
powerpipe control run snowflake_compliance.control.security_overview_monitoring_users_for_password_rotationSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run snowflake_compliance.control.security_overview_monitoring_users_for_password_rotation --shareSQL
This control uses a named query:
select name as resource, case when name = 'SNOWFLAKE' then 'skip' when not has_password then 'skip' when now()::date - password_last_set_time::date > $1::int then 'alarm' else 'ok' end as status, case when name = 'SNOWFLAKE' then name || ' is a Snowflake Support user.' when not has_password then name || ' password not set.' else name || ' password rotated ' || (now()::date - password_last_set_time::date) || ' days ago.' end as reason, accountfrom snowflake_user;
Params
| Args | Name | Default | Description | Variable |
|---|---|---|---|---|
| $1 | password_age_max_days | |